Moving from Specifications to Contracts in Component-Based Design

Bauer, Sebastian; David, Albert; Hennicker, Rolf; Larsen, Kim Guldstrand; Legay, Axel; Nyman, Ulrik; Wąsowski, Andrzej

doi:10.1007/978-3-642-28872-2_3

Cited by 84 publications

(123 citation statements)

References 38 publications

Supporting

Mentioning

120

Contrasting

Order By: Relevance

“…3 The results of applying single top-down tightening is shown in Fig. 4, where blue crosses represent those cases which all subcontracts are relevant after tightening and red circles indicates those cases in which the simplification involves the removal of some irrelevant subcontracts.…”

Section: Tightening a Single Contract Refinementmentioning

confidence: 99%

See 1 more Smart Citation

Tightening the contract refinements of a system architecture

Cimatti

Demasi

Tonetta

2018

Form Methods Syst Des

View full text Add to dashboard Cite

Contract-based design is an emerging paradigm for correct-by-construction hierarchical systems: components are associated with assumptions and guarantees expressed as formal properties; the architecture is analyzed by verifying that each contract of composite components is correctly refined by the contracts of its subcomponents. The approach is very efficient, because the overall correctness proof is decomposed into proofs local to each component. However, the process for the contract specification and refinement is quite expensive because the requirements are formalised into formal properties, where part of the complexity is delegated to the designer, who has the burden of specifying the contracts. Typical problems include understanding which contracts are necessary, and how they can be simplified without breaking the correctness of the refinement and other refinements in case some subcontracts are shared. In this paper, we tackle these problems by proposing a technique to understand and simplify the contract refinements of a system architecture during the development process for the contract specification and refinement. The technique, called tightening, is based on parameter synthesis. The idea is to generate a set of parametric proof obligations, where each parameter evaluation corresponds to a variant of the original(s) contract refinement(s), and to search for tighter variants of the contracts that still ensure the correctness of the refinement(s). We cast this approach in the OCRA framework, where contracts are expressed with LTL formulas, and we evaluate its performance and effectiveness on a number of benchmarks.

show abstract

Section: Tightening a Single Contract Refinementmentioning

confidence: 99%

“…e.g., [3][4][5]15,17,18,22,29]), is an emerging paradigm for correct-by-construction systems which structures components properties into contracts. A contract specifies the properties assumed to be satisfied by the component environment (assumptions), and the properties guaranteed by the component in response (guarantees).…”

Section: Introductionmentioning

confidence: 99%

Tightening the contract refinements of a system architecture

Cimatti

Demasi

Tonetta

2018

Form Methods Syst Des

View full text Add to dashboard Cite

show abstract

“…If an architecture only consists of two hierarchical levels, then property (3) corresponds to dominance/refinement of contracts as described in [4,6,7,61,68], the basic idea of compositionality [33,66], and in particular, the notion of completeness in ISO 26262 [37]. Thus, property (3) is a central concept in this paper since completeness characterizes the particularly stringent RE advocated in FuSa standards such as IEC 61508 and ISO 26262.…”

Section: Hierarchical Structuring Of Requirements Using Contractsmentioning

confidence: 99%

Providing tool support for specifying safety-critical systems by enforcing syntactic contract conditions

Westman

Nyberg

2017

Requirements Eng

View full text Add to dashboard Cite

Functional safety standards such as IEC 61508 and ISO 26262 advocate a particularly stringent requirements engineering where safety requirements must be structured in a hierarchical manner and specified in accordance with the system architecture. In contrast to the stringent requirements engineering in functional safety standards, according to previous studies, requirements engineering in industry is in general of poor quality. Contracts theory has been previously shown to be suitable for supporting such a stringent requirements engineering effort; this support has also been implemented in tools. However, to use these contract-based tools, requirements must be formalized, which is a major challenge in industry. Therefore, to support current industrial requirements engineering practice and the stringent requirements engineering in functional safety standards, it is shown how tool support can be provided even when requirements, and also architectures, are not formalized. This is achieved by enforcing syntactic, yet formal, conditions in contracts theory. Despite the need for further validation, initial findings in an industrial case study indicate high potential in realizing the proposed support in an industrial setting.

show abstract

“…Larsen et al consider a cross between modal specifications and interface automata [1], where refinement is given in terms of alternating simulation/modal refinement (which is stronger than our trace containment), and no operations for conjunction and quotient are given. Surveying [16], Bauer et al provide a generic construction for obtaining a contract framework based on AG pairs from a component-based specification theory. The abstract ideas share similarity with our framework, and it is interesting to note how parallel composition of contracts is defined in terms of the conjunction and quotient operators of the specification theory.…”

Section: Contributionsmentioning

confidence: 99%

Assume-Guarantee Reasoning for Safe Component Behaviours

Chilton

Jönsson

Kwiatkowska

2013

Formal Aspects of Component Software

View full text Add to dashboard Cite

Abstract. We formulate a sound and complete assume-guarantee framework for reasoning compositionally about safety properties of component behaviours. The specification of a component, which constrains the temporal ordering of input and output interactions with the environment, is expressed in terms of two prefix-closed sets of traces: an assumption and guarantee. The framework supports dynamic reasoning about components and specifications, and includes rules for parallel composition, logical conjunction corresponding to independent development, and quotient for incremental synthesis. Practical applicability of the framework is demonstrated by considering a simple printing example.

show abstract

Moving from Specifications to Contracts in Component-Based Design

Cited by 84 publications

References 38 publications

Tightening the contract refinements of a system architecture

Tightening the contract refinements of a system architecture

Providing tool support for specifying safety-critical systems by enforcing syntactic contract conditions

Assume-Guarantee Reasoning for Safe Component Behaviours

Contact Info

Product

Resources

About